If a man speaks in a forest, and his wife's not there, is he still wrong?

Making an application work with SELinux

When you add a new service to an SELinux-enabled server, it may fail to work due to the local Linux policy.

This document describes how to add the necessary rules to the local policy to allow the service to work.

The example used is getting MySQL clustering to work on a FC4 server.

Pre-requisites

In order to modify the SELinux policy, you'll need to install the SElinux policy sources. On FC$, this means installing the selinux-policy-targeted-sources rpm:

# yum install selinux-policy-targeted-sources
Find out what rules are required

To determine the rules you need to add to your local SELinux policy, first startup your application - don't worry if it fails to start.

Now use the audit2allow tool to analyse the audit log and find out what SELinux policies are blocking your application from working:

# audit2allow -i /var/log/audit/audit.log -l
allow mysqld_t port_t:tcp_socket name_connect;
allow mysqld_t var_lib_t:file append;
allow mysqld_t var_lib_t:sock_file create;

Add these llines to /etc/selinux/targeted/src/policy/domains/misc/local.te, then make and activate the new policy:

# cd /etc/selinux/targeted/src/policy/
# make load

Now re-start your application.

Use audit2allow again to check whether all the rules were captured first time round. If not, repeat the process until no audit2allow produces no output.

See SELinux rules required for MySQL clustering for the full list of SELinux rules required for clustering to work on FC4.

Story Options

Making an application work with SELinux | 0 comments
The following comments are owned by whomever posted them. This site is not responsible for what they say.

Topics

  • Home
  • Misc (6/0)
  • Audio (5/0)
  • Linux (21/0)
  • Family (1/0)
  • Fishing Diary (1/0)
  • OpenSolaris (7/0)
  • Computing (11/0)
  • General News (7/0)
  • Chloe (1/0)
  • Emily (2/0)
  • Twins (5/0)
  • Classifieds (2/0)
  • GeekLog (2/0)
  • Project Management (1/0)
  • User Functions






    Lost your password?